Ticket #9055: 9055-3.diff

django/db/backends/__init__.py

@@ -684 +684 @@
         to_unicode = lambda s: force_text(s, strings_only=True, errors='replace')
         if isinstance(params, (list, tuple)):
             u_params = tuple(to_unicode(val) for val in params)
+        elif params is None:
+            u_params = ()
         else:
             u_params = dict((to_unicode(k), to_unicode(v)) for k, v in params.items())
 

django/db/backends/mysql/base.py

@@ -115 +115 @@
 
     def execute(self, query, args=None):
         try:
+            # args is None means no string interpolation
             return self.cursor.execute(query, args)
         except Database.IntegrityError as e:
             six.reraise(utils.IntegrityError, utils.IntegrityError(*tuple(e.args)), sys.exc_info()[2])

django/db/backends/oracle/base.py

@@ -748 +748 @@
             params = []
         else:
             params = self._format_params(params)
-        args = [(':arg%d' % i) for i in range(len(params))]
+            args = [(':arg%d' % i) for i in range(len(params))]
         # cx_Oracle wants no trailing ';' for SQL statements.  For PL/SQL, it
         # it does want a trailing ';' but not a trailing '/'.  However, these
         # characters must be included in the original query in case the query
         # is being passed to SQL*Plus.
         if query.endswith(';') or query.endswith('/'):
             query = query[:-1]
-        query = convert_unicode(query % tuple(args), self.charset)
+        if params is None:
+            query = convert_unicode(query, self.charset)
+        else:
+            query = convert_unicode(query % tuple(args), self.charset)
         self._guess_input_sizes([params])
         try:
             return self.cursor.execute(query, self._param_generator(params))

django/db/backends/postgresql_psycopg2/base.py

@@ -51 +51 @@
 
     def execute(self, query, args=None):
         try:
+            # args is None means no string interpolation                
             return self.cursor.execute(query, args)
         except Database.IntegrityError as e:
             six.reraise(utils.IntegrityError, utils.IntegrityError(*tuple(e.args)), sys.exc_info()[2])

django/db/backends/sqlite3/base.py

@@ -396 +396 @@
     This fixes it -- but note that if you want to use a literal "%s" in a query,
     you'll need to use "%%s".
     """
-    def execute(self, query, params=()):
-        query = self.convert_query(query)
+    def execute(self, query, params=None):
+        if params is not None:      
+            query = self.convert_query(query)
         try:
+            if params is None:
+                return Database.Cursor.execute(self, query)
             return Database.Cursor.execute(self, query, params)
         except Database.IntegrityError as e:
             six.reraise(utils.IntegrityError, utils.IntegrityError(*tuple(e.args)), sys.exc_info()[2])
@@ -415 +418 @@
             six.reraise(utils.DatabaseError, utils.DatabaseError(*tuple(e.args)), sys.exc_info()[2])
 
     def convert_query(self, query):
-        return FORMAT_QMARK_REGEX.sub('?', query).replace('%%','%')
+        return FORMAT_QMARK_REGEX.sub('?', query).replace('%%', '%')
 
 def _sqlite_date_extract(lookup_type, dt):
     if dt is None:

django/db/backends/util.py

@@ -34 +34 @@
 
 class CursorDebugWrapper(CursorWrapper):
 
-    def execute(self, sql, params=()):
+    def execute(self, sql, params=None):
         self.set_dirty()
         start = time()
         try:
+            if params is None:
+                # params default might be backend specific
+               return self.cursor.execute(sql)
             return self.cursor.execute(sql, params)
         finally:
             stop = time()

tests/regressiontests/backends/tests.py

@@ -353 +353 @@
 
 
 class EscapingChecks(TestCase):
+    """ Each test is run once with normal cursor, and once with
+        CursorDebugWrapper activated by setting DEBUG to True
+    """
+    def test_paramless_no_escaping(self):
+        cursor = connection.cursor()
+        cursor.execute("SELECT '%s'")
+        self.assertEquals(cursor.fetchall()[0][0], '%s')
+
+    @override_settings(DEBUG=True)
+    def test_paramless_no_escaping_debug(self):
+        self.test_paramless_no_escaping()
+
+    def test_parameter_escaping(self):
+        cursor = connection.cursor()
+        cursor.execute("SELECT '%%', %s", ('%d',))
+        self.assertEquals(cursor.fetchall()[0], ('%', '%d'))
+
+    @override_settings(DEBUG=True)
+    def test_parameter_escaping_debug(self):
+        self.test_parameter_escaping()
 
     @unittest.skipUnless(connection.vendor == 'sqlite',
                          "This is a sqlite-specific issue")
-    def test_parameter_escaping(self):
+    def test_sqlite_parameter_escaping(self):
         #13648: '%s' escaping support for sqlite3
         cursor = connection.cursor()
-        response = cursor.execute(
-            "select strftime('%%s', date('now'))").fetchall()[0][0]
-        self.assertNotEqual(response, None)
+        cursor.execute("select strftime('%s', date('now'))")
+        response = cursor.fetchall()[0][0]
         # response should be an non-zero integer
         self.assertTrue(int(response))
 
+    @unittest.skipUnless(connection.vendor == 'sqlite',
+                         "This is a sqlite-specific issue")
+    @override_settings(DEBUG=True)
+    def test_sqlite_parameter_escaping_debug(self):
+        self.test_sqlite_parameter_escaping()
+
 
 class SqlliteAggregationTests(TestCase):
     """